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Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 
Listing of Claims : 

1 . (previously presented) A method of communicating to a server machine a 
certificate of a user which is sent by a client machine via a security module of a 
computer system, wherein a first protocol used between the client machine and the 
server machine is a non-secure stateless protocol, and a second protocol used between 
the client machine and the security module is a secure stateless protocol, said method 
comprising: 

inserting said certificate unmodified into a cookie header of a request in the 
first protocol; and 

transmitting the request, including said cookie header containing said 
certificate, from the security module to the server machine using said first protocol; 

wherein said certificate has a plurality of separators; and 

wherein said cookie header of said request includes a plurality of cookies. 

2. (previously presented) A method according to claim 1, further comprising: 
removing from said certificate all separators used in headers of the request 

prior to insertion of said certificate into said cookie header of said request. 

3. (previously presented) A method according to claim 1, wherein said 
inserting step further comprises: 
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determining, prior to the inserting step, whether an existing cookie header is 
present in the request sent by the client machine; and 

creating a new cookie header if said existing cookie header is not present in 
the request sent by the client machine. 

4. (previously presented) A method according to claim 3, further comprising: 
adding a specific cookie into the existing or new cookie header; and 
assigning a configurable default name to said specific cookie to enable the 
server machine to distinguish the certificate from cookies of the request. 

Claim 5. (cancelled). 

6. (currently amended) A- An apparatus comprising: 

a_security machine which configured to secure ITsll exchanges between a client 
machine and a server machine of a computer system, wherein a first protocol used 
between the client machine and server machine is a non-secure stateless protocol, and 
a second protocol implemented between the client machine and said security machine 
is a secure stateless protocol, 

wherein said security machine further comprisin g comprises f an analyzer 
configured to insert an unmodified certificate into a cookie header of an HTTP or 
equivalent request, and further configured to transmit to a server said unmodified 
certificate contained in said cookie header using said first protocol; and 

wherein said cookie header of said request includes a plurality of cookies. 

7. (currently amended) A system comprising: 
a client machine; 
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a server machine; and 
a security module; 

wherein the client machine and the server machine are configured to 
communicate using a first protocol, said first protocol comprising a non-secure 
stateless protocol; 

wherein the client machine and the security module are configured to 
communicate using a second protocol, said second protocol comprising a secure 
stateless protocol; and 

wherein the security module comprises an analyzing program analyzer 
configured to insert an unmodified certificate sent by the client machine into a cookie 
header of a request in conformance with said non-secure stateless protocol, and 
wherein the analyzing program analyzer is further configured to transmit to a server 
said unmodified certificate contained in said cookie header using said non-secure 
stateless protocol, said cookie header of said request including a plurality of cookies. 

8. (currently amended) A rOne or more computer readable m e dium storage 
media upon which is encoded and stored a sequence of programmable instructions 
which, when executed by aone or more s e curity module of a comput e r 
systemprocessors, cause the s e curity modul e processors to p e rform op e rations 
comprising : 

communicating communicate t o a server machine a certificate of a user which 
is sent by a client machine via the-a^security module, wherein a first protocol used 
between the client machine and the server machine is a non-secure stateless protocol, 
and wherein a second protocol used between the client machine and the security 
module is a secure stateless protocol; 



Appln. No. 10/053,703 



Attorney Docket No. T2 147-907679 



inserting said certificate unmodified into a cookie header of a request 
conforming to the first protocol; and 

transmitting the request, including said cookie header containing said 
unmodified certificate, from the security module to the server machine using said first 
protocol; 

wherein said certificate has a plurality of separators; and 

wherein said cookie header of said request includes a plurality of cookies. 

9. (currently amended) The computer-readable m e dium storage media of 
claim 8, wh e r e in th e instructions further compris e comprising instructions to : 

removing remove from said certificate all separators used in headers of the 
request prior to insertion of said certificate into said cookie header of said request. 

10. (currently amended) The computer-readable medium storage media of 
claim 8, wh e r e in the instructions further comprise comprising instructions to : 

determinm gdetermine , prior to the inserting step, whether an existing cookie 
header is present in the request sent by the client machine; and 

cr e ating create a new cookie header if said existing cookie header is not 
present in the request sent by the client machine. 

1 1 . (currently amended) The computer-readable m e dium storage media of 
claim 10, wh e r e in the instructions further comprise comprising instructions to : 

adding a specific cookie into the existing or new cookie header; and 
assigning a configurable default name to said specific cookie to enable the 
server machine to distinguish the certificate from cookies of the request. 
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12. (currently amended) The system of claim 7, wherein said analyzing 
pro gram anal vzer is further configured to: 

remove from said certificate all separators used in headers of the request prior 
to insertion of said certificate into said cookie header of said request. 

13. (currently amended) The system of claim 7, wherein said 
analyze r analyzing program is further configured to: 

determine, prior to said inserting, whether an existing cookie header is present 
in the request sent by the client machine; and 

create a new cookie header if said existing cookie header is not present in the 
request sent by the client machine. 

14. (currently amended) The system of claim 13, wherein said 
analyzer analyzing program is further configured to: 

add a specific cookie into the existing or new cookie header; and 
assign a configurable default name to said specific cookie to enable the server 
machine to distinguish the certificate from cookies of the request. 

15. (currently amended) The security machin e apparatus of claim 6, wherein 
said analyzer security machine is further configured to: 

remove from said certificate all separators used in headers of the request prior 
to insertion of said certificate into said cookie header of said request. 

16. (currently amended) The s e curity machin e apparatus of claim 6, wherein 
said analyz e r security machine is further configured to: 
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determine, prior to said inserting, whether an existing cookie header is present 
in the request sent by the client machine; and 

create a new cookie header if said existing cookie header is not present in the 
request sent by the client machine. 

17. (currently amended) The s e curity maohine apparatus of claim 16, wherein 

said analyz e r security machine is further configured to: 

add a specific cookie into the existing or new cookie header; and 

assign a configurable default name to said specific cookie to enable the server 

machine to distinguish the certificate from cookies of the request. 



